Apr 20 2023 05:00 AM
Hi there!
Without going into specific details about how and what has happened, I can clearly say that we are missing at least two alerts regarding suspicious additions to sensitive groups.
What I can say is that we don't have any exclusions on that rule in MDI, but we still had new members added to one group without any alert. I can see the additions in the legacy portal (portal.atp.azure.com), but they are not classified as suspicious for some reason, while another addition to the same group raised an alert the day after.
What can the issue be, and how can I make sure that it does not happen again?
Apr 20 2023 01:58 PM - edited Apr 20 2023 01:59 PM
Don't forget to mark as helpful and like my comment if you find it helpful.
If you are experiencing missing alerts from Microsoft Defender and suspicious additions to sensitive groups, it could be an indication of a potential security threat or a misconfiguration of your system. Here are some steps you can take:
1. Check the configuration of Microsoft Defender: Make sure that Microsoft Defender is properly configured and that all the necessary features are enabled. Check if the alert settings are properly configured and if there are any exclusions that might be affecting the detection of suspicious activities.
2. Run a full system scan: Perform a full system scan using Microsoft Defender to identify any potential malware or other security threats on your system.
3. Check group membership: Verify the membership of sensitive groups to ensure that only authorized users have access. Review the audit logs to determine if there have been any unauthorized changes to group membership.
4. Investigate suspicious activities: If you identify any suspicious activities or changes, investigate them further to determine the cause and take appropriate action. This could include disabling compromised accounts, revoking privileges, and changing passwords.
5. Consider getting help: If you are unable to resolve the issue on your own, consider getting help from a qualified security professional or Microsoft support. They can help you investigate and address the issue to ensure the security of your system.
Remember that prevention is always better than cure. Regularly updating your software and implementing strong security practices can help prevent security incidents before they occur.
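For step 3 above (reviewing the audit logs for group membership changes), the following is an added example and not part of the answer or of any Microsoft documentation. It queries every domain controller's Security log for the member-added events (4728 for global, 4732 for domain-local and 4756 for universal security groups) and keeps only additions to a list of sensitive groups. The group list, the 30-day window and the function name are assumptions for illustration; replace the list with the groups you treat as sensitive. The practical point for the original question is that this output is the ground truth from the DCs, so comparing it with the additions shown in the MDI portal tells you exactly which additions never produced an alert. Each event is written only on the DC that processed the change, which is why the example walks all DCs rather than a single one.

```powershell
# Added example, not from the thread. Requires the ActiveDirectory module and
# rights to read the Security log on each DC (Event Log Readers or equivalent).
function Get-SensitiveGroupAdditions {
    param(
        # Assumed example list; use the groups you consider sensitive.
        [string[]] $SensitiveGroups = @('Domain Admins', 'Enterprise Admins',
                                        'Schema Admins', 'Administrators',
                                        'Account Operators'),
        [datetime] $Since = (Get-Date).AddDays(-30)
    )

    # 4728 = member added to global group, 4732 = domain-local group,
    # 4756 = universal group. The matching removals are 4729/4733/4757.
    $addEventIds = 4728, 4732, 4756

    # The event lands only on the DC that processed the change, so ask all of them.
    $dcs = (Get-ADDomainController -Filter *).HostName

    foreach ($dc in $dcs) {
        $filter = @{ LogName = 'Security'; Id = $addEventIds; StartTime = $Since }
        Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Pull the named EventData fields out of the event XML.
            $xml = [xml]$_.ToXml()
            $data = @{}
            foreach ($node in $xml.Event.EventData.Data) { $data[$node.Name] = $node.'#text' }

            [pscustomobject]@{
                Time        = $_.TimeCreated
                DC          = $dc
                EventId     = $_.Id
                Group       = $data['TargetUserName']    # sAMAccountName of the group
                GroupDomain = $data['TargetDomainName']
                MemberDN    = $data['MemberName']        # DN of the added account
                MemberSid   = $data['MemberSid']
                AddedBy     = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])"
            }
        } |
        Where-Object { $SensitiveGroups -contains $_.Group }
    }
}

# Usage: list the last 30 days of additions, newest first, then diff against
# the MDI portal's alerts for the same group.
Get-SensitiveGroupAdditions | Sort-Object Time -Descending | Format-Table -AutoSize
```

Two caveats when reading the output: the events exist only if "Audit Security Group Management" is enabled on the DCs (it is in the default Domain Controllers policy, but verify it with auditpol), and a group nested inside a sensitive group is still an addition to that nested group, not to the parent, so include nested groups in the list if you rely on nesting.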